1 # Fast BSS Transition tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
7 from remotehost
import remote_compatible
12 logger
= logging
.getLogger()
17 from tshark
import run_tshark
18 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
, skip_with_fips
, parse_ie
19 from wlantest
import Wlantest
20 from test_ap_psk
import check_mib
, find_wpas_process
, read_process_memory
, verify_not_present
, get_key_locations
23 params
= { "wpa": "2",
24 "wpa_key_mgmt": "FT-PSK",
25 "rsn_pairwise": "CCMP" }
29 params
= { "wpa": "3",
30 "wpa_key_mgmt": "WPA-PSK FT-PSK",
31 "wpa_pairwise": "TKIP",
32 "rsn_pairwise": "CCMP" }
35 def ft_params(rsn
=True, ssid
=None, passphrase
=None):
37 params
= ft_base_rsn()
39 params
= ft_base_mixed()
43 params
["wpa_passphrase"] = passphrase
45 params
["mobility_domain"] = "a1b2"
46 params
["r0_key_lifetime"] = "10000"
47 params
["pmk_r1_push"] = "1"
48 params
["reassociation_deadline"] = "1000"
51 def ft_params1a(rsn
=True, ssid
=None, passphrase
=None):
52 params
= ft_params(rsn
, ssid
, passphrase
)
53 params
['nas_identifier'] = "nas1.w1.fi"
54 params
['r1_key_holder'] = "000102030405"
57 def ft_params1(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
58 params
= ft_params1a(rsn
, ssid
, passphrase
)
60 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
61 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
63 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
64 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
65 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
68 def ft_params1_old_key(rsn
=True, ssid
=None, passphrase
=None):
69 params
= ft_params1a(rsn
, ssid
, passphrase
)
70 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f",
71 "02:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f" ]
72 params
['r1kh'] = "02:00:00:00:04:00 00:01:02:03:04:06 200102030405060708090a0b0c0d0e0f"
75 def ft_params2a(rsn
=True, ssid
=None, passphrase
=None):
76 params
= ft_params(rsn
, ssid
, passphrase
)
77 params
['nas_identifier'] = "nas2.w1.fi"
78 params
['r1_key_holder'] = "000102030406"
81 def ft_params2(rsn
=True, ssid
=None, passphrase
=None, discovery
=False):
82 params
= ft_params2a(rsn
, ssid
, passphrase
)
84 params
['r0kh'] = "ff:ff:ff:ff:ff:ff * 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
85 params
['r1kh'] = "00:00:00:00:00:00 00:00:00:00:00:00 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f"
87 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
88 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
89 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
92 def ft_params2_old_key(rsn
=True, ssid
=None, passphrase
=None):
93 params
= ft_params2a(rsn
, ssid
, passphrase
)
94 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f",
95 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f" ]
96 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0e0f"
99 def ft_params1_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
100 params
= ft_params(rsn
, ssid
, passphrase
)
101 params
['nas_identifier'] = "nas1.w1.fi"
102 params
['r1_key_holder'] = "000102030405"
103 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 100102030405060708090a0b0c0d0e0f100102030405060708090a0b0c0d0e0f",
104 "12:00:00:00:04:00 nas2.w1.fi 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f" ]
105 params
['r1kh'] = "12:00:00:00:04:00 10:01:02:03:04:06 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f"
108 def ft_params2_incorrect_rrb_key(rsn
=True, ssid
=None, passphrase
=None):
109 params
= ft_params(rsn
, ssid
, passphrase
)
110 params
['nas_identifier'] = "nas2.w1.fi"
111 params
['r1_key_holder'] = "000102030406"
112 params
['r0kh'] = [ "02:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0ef1200102030405060708090a0b0c0d0ef1",
113 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0ef2000102030405060708090a0b0c0d0ef2" ]
114 params
['r1kh'] = "02:00:00:00:03:00 00:01:02:03:04:05 300102030405060708090a0b0c0d0ef3300102030405060708090a0b0c0d0ef3"
117 def ft_params2_r0kh_mismatch(rsn
=True, ssid
=None, passphrase
=None):
118 params
= ft_params(rsn
, ssid
, passphrase
)
119 params
['nas_identifier'] = "nas2.w1.fi"
120 params
['r1_key_holder'] = "000102030406"
121 params
['r0kh'] = [ "12:00:00:00:03:00 nas1.w1.fi 200102030405060708090a0b0c0d0e0f200102030405060708090a0b0c0d0e0f",
122 "02:00:00:00:04:00 nas2.w1.fi 000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f" ]
123 params
['r1kh'] = "12:00:00:00:03:00 10:01:02:03:04:05 300102030405060708090a0b0c0d0e0f300102030405060708090a0b0c0d0e0f"
126 def run_roams(dev
, apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=False,
127 sae
=False, eap
=False, fail_test
=False, roams
=1,
128 pairwise_cipher
="CCMP", group_cipher
="TKIP CCMP", ptk_rekey
="0",
129 test_connectivity
=True, eap_identity
="gpsk user", conndev
=False,
130 force_initial_conn_to_first_ap
=False, sha384
=False,
132 logger
.info("Connect to first AP")
135 copts
["proto"] = "WPA2"
136 copts
["ieee80211w"] = "1"
137 copts
["scan_freq"] = "2412"
138 copts
["pairwise"] = pairwise_cipher
139 copts
["group"] = group_cipher
140 copts
["wpa_ptk_rekey"] = ptk_rekey
142 copts
["group_mgmt"] = group_mgmt
144 copts
["key_mgmt"] = "FT-EAP-SHA384" if sha384
else "FT-EAP"
145 copts
["eap"] = "GPSK"
146 copts
["identity"] = eap_identity
147 copts
["password"] = "abcdefghijklmnop0123456789abcdef"
150 copts
["key_mgmt"] = "FT-SAE"
152 copts
["key_mgmt"] = "FT-PSK"
153 copts
["psk"] = passphrase
154 if force_initial_conn_to_first_ap
:
155 copts
["bssid"] = apdev
[0]['bssid']
156 dev
.connect(ssid
, **copts
)
158 if dev
.get_status_field('bssid') == apdev
[0]['bssid']:
168 if test_connectivity
:
170 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
172 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
174 dev
.scan_for_bss(ap2
['bssid'], freq
="2412")
176 for i
in range(0, roams
):
177 # Roaming artificially fast can make data test fail because the key is
180 logger
.info("Roam to the second AP")
182 dev
.roam_over_ds(ap2
['bssid'], fail_test
=fail_test
)
184 dev
.roam(ap2
['bssid'], fail_test
=fail_test
)
187 if dev
.get_status_field('bssid') != ap2
['bssid']:
188 raise Exception("Did not connect to correct AP")
189 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
191 hwsim_utils
.test_connectivity_iface(dev
, hapd2ap
, conndev
)
193 hwsim_utils
.test_connectivity(dev
, hapd2ap
)
195 # Roaming artificially fast can make data test fail because the key is
198 logger
.info("Roam back to the first AP")
200 dev
.roam_over_ds(ap1
['bssid'])
202 dev
.roam(ap1
['bssid'])
203 if dev
.get_status_field('bssid') != ap1
['bssid']:
204 raise Exception("Did not connect to correct AP")
205 if (i
== 0 or i
== roams
- 1) and test_connectivity
:
207 hwsim_utils
.test_connectivity_iface(dev
, hapd1ap
, conndev
)
209 hwsim_utils
.test_connectivity(dev
, hapd1ap
)
211 def test_ap_ft(dev
, apdev
):
214 passphrase
="12345678"
216 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
217 hapd0
= hostapd
.add_ap(apdev
[0], params
)
218 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
219 hapd1
= hostapd
.add_ap(apdev
[1], params
)
221 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
222 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
223 raise Exception("Scan results missing RSN element info")
225 def test_ap_ft_old_key(dev
, apdev
):
226 """WPA2-PSK-FT AP (old key)"""
228 passphrase
="12345678"
230 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
231 hapd0
= hostapd
.add_ap(apdev
[0], params
)
232 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
233 hapd1
= hostapd
.add_ap(apdev
[1], params
)
235 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
237 def test_ap_ft_multi_akm(dev
, apdev
):
238 """WPA2-PSK-FT AP with non-FT AKMs enabled"""
240 passphrase
="12345678"
242 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
243 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
244 hapd0
= hostapd
.add_ap(apdev
[0], params
)
245 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
246 params
["wpa_key_mgmt"] = "FT-PSK WPA-PSK WPA-PSK-SHA256"
247 hapd1
= hostapd
.add_ap(apdev
[1], params
)
249 Wlantest
.setup(hapd0
)
252 wt
.add_passphrase(passphrase
)
254 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
255 if "[WPA2-PSK+FT/PSK+PSK-SHA256-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
256 raise Exception("Scan results missing RSN element info")
257 dev
[1].connect(ssid
, psk
=passphrase
, scan_freq
="2412")
258 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK-SHA256",
261 def test_ap_ft_local_key_gen(dev
, apdev
):
262 """WPA2-PSK-FT AP with local key generation (without pull/push)"""
264 passphrase
="12345678"
266 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
267 params
['ft_psk_generate_local'] = "1";
268 del params
['pmk_r1_push']
269 hapd0
= hostapd
.add_ap(apdev
[0], params
)
270 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
271 params
['ft_psk_generate_local'] = "1";
272 del params
['pmk_r1_push']
273 hapd1
= hostapd
.add_ap(apdev
[1], params
)
275 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
276 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
277 raise Exception("Scan results missing RSN element info")
279 def test_ap_ft_vlan(dev
, apdev
):
280 """WPA2-PSK-FT AP with VLAN"""
282 passphrase
="12345678"
284 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
285 params
['dynamic_vlan'] = "1";
286 params
['accept_mac_file'] = "hostapd.accept";
287 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
289 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
290 params
['dynamic_vlan'] = "1";
291 params
['accept_mac_file'] = "hostapd.accept";
292 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
294 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
295 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
296 raise Exception("Scan results missing RSN element info")
298 def test_ap_ft_vlan_disconnected(dev
, apdev
):
299 """WPA2-PSK-FT AP with VLAN and local key generation"""
301 passphrase
="12345678"
303 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
304 params
['dynamic_vlan'] = "1";
305 params
['accept_mac_file'] = "hostapd.accept";
306 params
['ft_psk_generate_local'] = "1";
307 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
309 params
= ft_params2a(ssid
=ssid
, passphrase
=passphrase
)
310 params
['dynamic_vlan'] = "1";
311 params
['accept_mac_file'] = "hostapd.accept";
312 params
['ft_psk_generate_local'] = "1";
313 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
315 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1")
316 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
317 raise Exception("Scan results missing RSN element info")
319 def test_ap_ft_vlan_2(dev
, apdev
):
320 """WPA2-PSK-FT AP with VLAN and dest-AP does not have VLAN info locally"""
322 passphrase
="12345678"
324 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
325 params
['dynamic_vlan'] = "1";
326 params
['accept_mac_file'] = "hostapd.accept";
327 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
329 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
330 params
['dynamic_vlan'] = "1";
331 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
333 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, conndev
="brvlan1",
334 force_initial_conn_to_first_ap
=True)
335 if "[WPA2-FT/PSK-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
336 raise Exception("Scan results missing RSN element info")
338 def test_ap_ft_many(dev
, apdev
):
339 """WPA2-PSK-FT AP multiple times"""
341 passphrase
="12345678"
343 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
344 hapd0
= hostapd
.add_ap(apdev
[0], params
)
345 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
346 hapd1
= hostapd
.add_ap(apdev
[1], params
)
348 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50)
350 def test_ap_ft_many_vlan(dev
, apdev
):
351 """WPA2-PSK-FT AP with VLAN multiple times"""
353 passphrase
="12345678"
355 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
356 params
['dynamic_vlan'] = "1";
357 params
['accept_mac_file'] = "hostapd.accept";
358 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
360 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
361 params
['dynamic_vlan'] = "1";
362 params
['accept_mac_file'] = "hostapd.accept";
363 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
365 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, roams
=50,
368 def test_ap_ft_mixed(dev
, apdev
):
369 """WPA2-PSK-FT mixed-mode AP"""
370 ssid
= "test-ft-mixed"
371 passphrase
="12345678"
373 params
= ft_params1(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
374 hapd
= hostapd
.add_ap(apdev
[0], params
)
375 key_mgmt
= hapd
.get_config()['key_mgmt']
376 vals
= key_mgmt
.split(' ')
377 if vals
[0] != "WPA-PSK" or vals
[1] != "FT-PSK":
378 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
379 params
= ft_params2(rsn
=False, ssid
=ssid
, passphrase
=passphrase
)
380 hapd1
= hostapd
.add_ap(apdev
[1], params
)
382 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
)
384 def test_ap_ft_pmf(dev
, apdev
):
385 """WPA2-PSK-FT AP with PMF"""
387 passphrase
="12345678"
389 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
390 params
["ieee80211w"] = "2"
391 hapd0
= hostapd
.add_ap(apdev
[0], params
)
392 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
393 params
["ieee80211w"] = "2"
394 hapd1
= hostapd
.add_ap(apdev
[1], params
)
396 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
398 def test_ap_ft_pmf_bip_cmac_128(dev
, apdev
):
399 """WPA2-PSK-FT AP with PMF/BIP-CMAC-128"""
400 run_ap_ft_pmf_bip(dev
, apdev
, "AES-128-CMAC")
402 def test_ap_ft_pmf_bip_gmac_128(dev
, apdev
):
403 """WPA2-PSK-FT AP with PMF/BIP-GMAC-128"""
404 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-128")
406 def test_ap_ft_pmf_bip_gmac_256(dev
, apdev
):
407 """WPA2-PSK-FT AP with PMF/BIP-GMAC-256"""
408 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-GMAC-256")
410 def test_ap_ft_pmf_bip_cmac_256(dev
, apdev
):
411 """WPA2-PSK-FT AP with PMF/BIP-CMAC-256"""
412 run_ap_ft_pmf_bip(dev
, apdev
, "BIP-CMAC-256")
414 def run_ap_ft_pmf_bip(dev
, apdev
, cipher
):
415 if cipher
not in dev
[0].get_capability("group_mgmt"):
416 raise HwsimSkip("Cipher %s not supported" % cipher
)
419 passphrase
="12345678"
421 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
422 params
["ieee80211w"] = "2"
423 params
["group_mgmt_cipher"] = cipher
424 hapd0
= hostapd
.add_ap(apdev
[0], params
)
425 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
426 params
["ieee80211w"] = "2"
427 params
["group_mgmt_cipher"] = cipher
428 hapd1
= hostapd
.add_ap(apdev
[1], params
)
430 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
433 def test_ap_ft_over_ds(dev
, apdev
):
434 """WPA2-PSK-FT AP over DS"""
436 passphrase
="12345678"
438 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
439 hapd0
= hostapd
.add_ap(apdev
[0], params
)
440 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
441 hapd1
= hostapd
.add_ap(apdev
[1], params
)
443 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
444 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
445 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
447 def test_ap_ft_over_ds_disabled(dev
, apdev
):
448 """WPA2-PSK-FT AP over DS disabled"""
450 passphrase
="12345678"
452 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
453 params
['ft_over_ds'] = '0'
454 hapd0
= hostapd
.add_ap(apdev
[0], params
)
455 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
456 params
['ft_over_ds'] = '0'
457 hapd1
= hostapd
.add_ap(apdev
[1], params
)
459 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
462 def test_ap_ft_vlan_over_ds(dev
, apdev
):
463 """WPA2-PSK-FT AP over DS with VLAN"""
465 passphrase
="12345678"
467 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
468 params
['dynamic_vlan'] = "1";
469 params
['accept_mac_file'] = "hostapd.accept";
470 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
471 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
472 params
['dynamic_vlan'] = "1";
473 params
['accept_mac_file'] = "hostapd.accept";
474 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
476 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
478 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"),
479 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ])
481 def test_ap_ft_over_ds_many(dev
, apdev
):
482 """WPA2-PSK-FT AP over DS multiple times"""
484 passphrase
="12345678"
486 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
487 hapd0
= hostapd
.add_ap(apdev
[0], params
)
488 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
489 hapd1
= hostapd
.add_ap(apdev
[1], params
)
491 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
494 def test_ap_ft_vlan_over_ds_many(dev
, apdev
):
495 """WPA2-PSK-FT AP over DS with VLAN multiple times"""
497 passphrase
="12345678"
499 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
500 params
['dynamic_vlan'] = "1";
501 params
['accept_mac_file'] = "hostapd.accept";
502 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
503 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
504 params
['dynamic_vlan'] = "1";
505 params
['accept_mac_file'] = "hostapd.accept";
506 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
508 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
509 roams
=50, conndev
="brvlan1")
512 def test_ap_ft_over_ds_unknown_target(dev
, apdev
):
515 passphrase
="12345678"
517 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
518 hapd0
= hostapd
.add_ap(apdev
[0], params
)
520 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
522 dev
[0].roam_over_ds("02:11:22:33:44:55", fail_test
=True)
525 def test_ap_ft_over_ds_unexpected(dev
, apdev
):
526 """WPA2-PSK-FT AP over DS and unexpected response"""
528 passphrase
="12345678"
530 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
531 hapd0
= hostapd
.add_ap(apdev
[0], params
)
532 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
533 hapd1
= hostapd
.add_ap(apdev
[1], params
)
535 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
537 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
548 addr
= dev
[0].own_addr()
549 hapd1ap
.set("ext_mgmt_frame_handling", "1")
550 logger
.info("Foreign STA address")
554 msg
['sa'] = ap1
['bssid']
555 msg
['bssid'] = ap1
['bssid']
556 msg
['payload'] = binascii
.unhexlify("06021122334455660102030405060000")
559 logger
.info("No over-the-DS in progress")
560 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
563 logger
.info("Non-zero status code")
564 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060100")
567 hapd1ap
.dump_monitor()
569 dev
[0].scan_for_bss(ap2
['bssid'], freq
="2412")
570 if "OK" not in dev
[0].request("FT_DS " + ap2
['bssid']):
571 raise Exception("FT_DS failed")
573 req
= hapd1ap
.mgmt_rx()
575 logger
.info("Foreign Target AP")
576 msg
['payload'] = binascii
.unhexlify("0602" + addr
.replace(':', '') + "0102030405060000")
579 addrs
= addr
.replace(':', '') + ap2
['bssid'].replace(':', '')
581 logger
.info("No IEs")
582 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "0000")
585 logger
.info("Invalid IEs (trigger parsing failure)")
586 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003700")
589 logger
.info("Too short MDIE")
590 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "000036021122")
593 logger
.info("Mobility domain mismatch")
594 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603112201")
597 logger
.info("No FTIE")
598 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201")
601 logger
.info("FTIE SNonce mismatch")
602 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "1000000000000000000000000000000000000000000000000000000000000001" + "030a6e6173322e77312e6669")
605 logger
.info("No R0KH-ID subelem in FTIE")
606 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
607 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137520000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
)
610 logger
.info("No R0KH-ID subelem mismatch in FTIE")
611 snonce
= binascii
.hexlify(req
['payload'][111:111+32])
612 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a11223344556677889900")
615 logger
.info("No R1KH-ID subelem in FTIE")
616 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
617 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b201375e0000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
)
620 logger
.info("No RSNE")
621 r0khid
= binascii
.hexlify(req
['payload'][145:145+10])
622 msg
['payload'] = binascii
.unhexlify("0602" + addrs
+ "00003603a1b20137660000" + "00000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + snonce
+ "030a" + r0khid
+ "0106000102030405")
625 def test_ap_ft_pmf_over_ds(dev
, apdev
):
626 """WPA2-PSK-FT AP over DS with PMF"""
628 passphrase
="12345678"
630 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
631 params
["ieee80211w"] = "2"
632 hapd0
= hostapd
.add_ap(apdev
[0], params
)
633 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
634 params
["ieee80211w"] = "2"
635 hapd1
= hostapd
.add_ap(apdev
[1], params
)
637 def test_ap_ft_pmf_bip_cmac_128_over_ds(dev
, apdev
):
638 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-128"""
639 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "AES-128-CMAC")
641 def test_ap_ft_pmf_bip_gmac_128_over_ds(dev
, apdev
):
642 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-128"""
643 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-128")
645 def test_ap_ft_pmf_bip_gmac_256_over_ds(dev
, apdev
):
646 """WPA2-PSK-FT AP over DS with PMF/BIP-GMAC-256"""
647 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-GMAC-256")
649 def test_ap_ft_pmf_bip_cmac_256_over_ds(dev
, apdev
):
650 """WPA2-PSK-FT AP over DS with PMF/BIP-CMAC-256"""
651 run_ap_ft_pmf_bip_over_ds(dev
, apdev
, "BIP-CMAC-256")
653 def run_ap_ft_pmf_bip_over_ds(dev
, apdev
, cipher
):
654 if cipher
not in dev
[0].get_capability("group_mgmt"):
655 raise HwsimSkip("Cipher %s not supported" % cipher
)
658 passphrase
="12345678"
660 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
661 params
["ieee80211w"] = "2"
662 params
["group_mgmt_cipher"] = cipher
663 hapd0
= hostapd
.add_ap(apdev
[0], params
)
664 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
665 params
["ieee80211w"] = "2"
666 params
["group_mgmt_cipher"] = cipher
667 hapd1
= hostapd
.add_ap(apdev
[1], params
)
669 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
672 def test_ap_ft_over_ds_pull(dev
, apdev
):
673 """WPA2-PSK-FT AP over DS (pull PMK)"""
675 passphrase
="12345678"
677 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
678 params
["pmk_r1_push"] = "0"
679 hapd0
= hostapd
.add_ap(apdev
[0], params
)
680 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
681 params
["pmk_r1_push"] = "0"
682 hapd1
= hostapd
.add_ap(apdev
[1], params
)
684 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
686 def test_ap_ft_over_ds_pull_old_key(dev
, apdev
):
687 """WPA2-PSK-FT AP over DS (pull PMK; old key)"""
689 passphrase
="12345678"
691 params
= ft_params1_old_key(ssid
=ssid
, passphrase
=passphrase
)
692 params
["pmk_r1_push"] = "0"
693 hapd0
= hostapd
.add_ap(apdev
[0], params
)
694 params
= ft_params2_old_key(ssid
=ssid
, passphrase
=passphrase
)
695 params
["pmk_r1_push"] = "0"
696 hapd1
= hostapd
.add_ap(apdev
[1], params
)
698 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True)
700 def test_ap_ft_over_ds_pull_vlan(dev
, apdev
):
701 """WPA2-PSK-FT AP over DS (pull PMK) with VLAN"""
703 passphrase
="12345678"
705 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
706 params
["pmk_r1_push"] = "0"
707 params
['dynamic_vlan'] = "1";
708 params
['accept_mac_file'] = "hostapd.accept";
709 hapd0
= hostapd
.add_ap(apdev
[0]['ifname'], params
)
710 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
711 params
["pmk_r1_push"] = "0"
712 params
['dynamic_vlan'] = "1";
713 params
['accept_mac_file'] = "hostapd.accept";
714 hapd1
= hostapd
.add_ap(apdev
[1]['ifname'], params
)
716 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
719 def test_ap_ft_sae(dev
, apdev
):
720 """WPA2-PSK-FT-SAE AP"""
721 if "SAE" not in dev
[0].get_capability("auth_alg"):
722 raise HwsimSkip("SAE not supported")
724 passphrase
="12345678"
726 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
727 params
['wpa_key_mgmt'] = "FT-SAE"
728 hapd0
= hostapd
.add_ap(apdev
[0], params
)
729 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
730 params
['wpa_key_mgmt'] = "FT-SAE"
731 hapd
= hostapd
.add_ap(apdev
[1], params
)
732 key_mgmt
= hapd
.get_config()['key_mgmt']
733 if key_mgmt
.split(' ')[0] != "FT-SAE":
734 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
736 dev
[0].request("SET sae_groups ")
737 run_roams(dev
[0], apdev
, hapd0
, hapd
, ssid
, passphrase
, sae
=True)
739 def test_ap_ft_sae_over_ds(dev
, apdev
):
740 """WPA2-PSK-FT-SAE AP over DS"""
741 if "SAE" not in dev
[0].get_capability("auth_alg"):
742 raise HwsimSkip("SAE not supported")
744 passphrase
="12345678"
746 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
747 params
['wpa_key_mgmt'] = "FT-SAE"
748 hapd0
= hostapd
.add_ap(apdev
[0], params
)
749 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
750 params
['wpa_key_mgmt'] = "FT-SAE"
751 hapd1
= hostapd
.add_ap(apdev
[1], params
)
753 dev
[0].request("SET sae_groups ")
754 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, sae
=True,
757 def generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=False, over_ds
=False,
758 discovery
=False, roams
=1):
760 passphrase
="12345678"
762 identity
="gpsk-vlan1"
771 radius
= hostapd
.radius_params()
772 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
773 params
['wpa_key_mgmt'] = "FT-EAP"
774 params
["ieee8021x"] = "1"
776 params
["dynamic_vlan"] = "1"
777 params
= dict(radius
.items() + params
.items())
778 hapd
= hostapd
.add_ap(apdev
[0], params
)
779 key_mgmt
= hapd
.get_config()['key_mgmt']
780 if key_mgmt
.split(' ')[0] != "FT-EAP":
781 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
782 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=discovery
)
783 params
['wpa_key_mgmt'] = "FT-EAP"
784 params
["ieee8021x"] = "1"
786 params
["dynamic_vlan"] = "1"
787 params
= dict(radius
.items() + params
.items())
788 hapd1
= hostapd
.add_ap(apdev
[1], params
)
790 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
791 over_ds
=over_ds
, roams
=roams
, eap_identity
=identity
,
793 if "[WPA2-FT/EAP-CCMP]" not in dev
[0].request("SCAN_RESULTS"):
794 raise Exception("Scan results missing RSN element info")
795 check_mib(dev
[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-3"),
796 ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-3") ])
798 # Verify EAPOL reauthentication after FT protocol
799 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
803 ap
.request("EAPOL_REAUTH " + dev
[0].own_addr())
804 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout
=5)
806 raise Exception("EAP authentication did not start")
807 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout
=5)
809 raise Exception("EAP authentication did not succeed")
812 hwsim_utils
.test_connectivity_iface(dev
[0], ap
, conndev
)
814 hwsim_utils
.test_connectivity(dev
[0], ap
)
816 def test_ap_ft_eap(dev
, apdev
):
818 generic_ap_ft_eap(dev
, apdev
)
820 def test_ap_ft_eap_cui(dev
, apdev
):
821 """WPA2-EAP-FT AP with CUI"""
822 generic_ap_ft_eap(dev
, apdev
, vlan
=False, cui
=True)
824 def test_ap_ft_eap_vlan(dev
, apdev
):
825 """WPA2-EAP-FT AP with VLAN"""
826 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
828 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
829 """WPA2-EAP-FT AP with VLAN"""
830 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
832 def test_ap_ft_eap_over_ds(dev
, apdev
):
833 """WPA2-EAP-FT AP using over-the-DS"""
834 generic_ap_ft_eap(dev
, apdev
, over_ds
=True)
836 def test_ap_ft_eap_dis(dev
, apdev
):
837 """WPA2-EAP-FT AP with AP discovery"""
838 generic_ap_ft_eap(dev
, apdev
, discovery
=True)
840 def test_ap_ft_eap_dis_over_ds(dev
, apdev
):
841 """WPA2-EAP-FT AP with AP discovery and over-the-DS"""
842 generic_ap_ft_eap(dev
, apdev
, over_ds
=True, discovery
=True)
844 def test_ap_ft_eap_vlan(dev
, apdev
):
845 """WPA2-EAP-FT AP with VLAN"""
846 generic_ap_ft_eap(dev
, apdev
, vlan
=True)
848 def test_ap_ft_eap_vlan_multi(dev
, apdev
):
849 """WPA2-EAP-FT AP with VLAN"""
850 generic_ap_ft_eap(dev
, apdev
, vlan
=True, roams
=50)
852 def test_ap_ft_eap_vlan_over_ds(dev
, apdev
):
853 """WPA2-EAP-FT AP with VLAN + over_ds"""
854 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True)
856 def test_ap_ft_eap_vlan_over_ds_multi(dev
, apdev
):
857 """WPA2-EAP-FT AP with VLAN + over_ds"""
858 generic_ap_ft_eap(dev
, apdev
, vlan
=True, over_ds
=True, roams
=50)
860 def generic_ap_ft_eap_pull(dev
, apdev
, vlan
=False):
861 """WPA2-EAP-FT AP (pull PMK)"""
863 passphrase
="12345678"
865 identity
="gpsk-vlan1"
871 radius
= hostapd
.radius_params()
872 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
873 params
['wpa_key_mgmt'] = "FT-EAP"
874 params
["ieee8021x"] = "1"
875 params
["pmk_r1_push"] = "0"
877 params
["dynamic_vlan"] = "1"
878 params
= dict(radius
.items() + params
.items())
879 hapd
= hostapd
.add_ap(apdev
[0], params
)
880 key_mgmt
= hapd
.get_config()['key_mgmt']
881 if key_mgmt
.split(' ')[0] != "FT-EAP":
882 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
883 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
884 params
['wpa_key_mgmt'] = "FT-EAP"
885 params
["ieee8021x"] = "1"
886 params
["pmk_r1_push"] = "0"
888 params
["dynamic_vlan"] = "1"
889 params
= dict(radius
.items() + params
.items())
890 hapd1
= hostapd
.add_ap(apdev
[1], params
)
892 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True,
893 eap_identity
=identity
, conndev
=conndev
)
895 def test_ap_ft_eap_pull(dev
, apdev
):
896 """WPA2-EAP-FT AP (pull PMK)"""
897 generic_ap_ft_eap_pull(dev
, apdev
)
899 def test_ap_ft_eap_pull_vlan(dev
, apdev
):
900 generic_ap_ft_eap_pull(dev
, apdev
, vlan
=True)
902 def test_ap_ft_eap_pull_wildcard(dev
, apdev
):
903 """WPA2-EAP-FT AP (pull PMK) - wildcard R0KH/R1KH"""
905 passphrase
="12345678"
907 radius
= hostapd
.radius_params()
908 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
909 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
910 params
["ieee8021x"] = "1"
911 params
["pmk_r1_push"] = "0"
912 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
913 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
914 params
["ft_psk_generate_local"] = "1"
915 params
["eap_server"] = "0"
916 params
= dict(radius
.items() + params
.items())
917 hapd
= hostapd
.add_ap(apdev
[0], params
)
918 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
919 params
['wpa_key_mgmt'] = "WPA-EAP FT-EAP"
920 params
["ieee8021x"] = "1"
921 params
["pmk_r1_push"] = "0"
922 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
923 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
924 params
["ft_psk_generate_local"] = "1"
925 params
["eap_server"] = "0"
926 params
= dict(radius
.items() + params
.items())
927 hapd1
= hostapd
.add_ap(apdev
[1], params
)
929 run_roams(dev
[0], apdev
, hapd
, hapd1
, ssid
, passphrase
, eap
=True)
932 def test_ap_ft_mismatching_rrb_key_push(dev
, apdev
):
933 """WPA2-PSK-FT AP over DS with mismatching RRB key (push)"""
935 passphrase
="12345678"
937 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
938 params
["ieee80211w"] = "2"
939 hapd0
= hostapd
.add_ap(apdev
[0], params
)
940 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
941 params
["ieee80211w"] = "2"
942 hapd1
= hostapd
.add_ap(apdev
[1], params
)
944 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
948 def test_ap_ft_mismatching_rrb_key_pull(dev
, apdev
):
949 """WPA2-PSK-FT AP over DS with mismatching RRB key (pull)"""
951 passphrase
="12345678"
953 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
954 params
["pmk_r1_push"] = "0"
955 hapd0
= hostapd
.add_ap(apdev
[0], params
)
956 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
957 params
["pmk_r1_push"] = "0"
958 hapd1
= hostapd
.add_ap(apdev
[1], params
)
960 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
964 def test_ap_ft_mismatching_r0kh_id_pull(dev
, apdev
):
965 """WPA2-PSK-FT AP over DS with mismatching R0KH-ID (pull)"""
967 passphrase
="12345678"
969 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
970 params
["pmk_r1_push"] = "0"
971 params
["nas_identifier"] = "nas0.w1.fi"
972 hostapd
.add_ap(apdev
[0], params
)
973 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
976 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
977 params
["pmk_r1_push"] = "0"
978 hostapd
.add_ap(apdev
[1], params
)
980 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
981 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
984 def test_ap_ft_mismatching_rrb_r0kh_push(dev
, apdev
):
985 """WPA2-PSK-FT AP over DS with mismatching R0KH key (push)"""
987 passphrase
="12345678"
989 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
990 params
["ieee80211w"] = "2"
991 hapd0
= hostapd
.add_ap(apdev
[0], params
)
992 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
993 params
["ieee80211w"] = "2"
994 hapd1
= hostapd
.add_ap(apdev
[1], params
)
996 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1000 def test_ap_ft_mismatching_rrb_r0kh_pull(dev
, apdev
):
1001 """WPA2-PSK-FT AP over DS with mismatching R0KH key (pull)"""
1003 passphrase
="12345678"
1005 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1006 params
["pmk_r1_push"] = "0"
1007 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1008 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1009 params
["pmk_r1_push"] = "0"
1010 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1012 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1015 def test_ap_ft_mismatching_rrb_key_push_eap(dev
, apdev
):
1016 """WPA2-EAP-FT AP over DS with mismatching RRB key (push)"""
1018 passphrase
="12345678"
1020 radius
= hostapd
.radius_params()
1021 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1022 params
["ieee80211w"] = "2";
1023 params
['wpa_key_mgmt'] = "FT-EAP"
1024 params
["ieee8021x"] = "1"
1025 params
= dict(radius
.items() + params
.items())
1026 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1027 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1028 params
["ieee80211w"] = "2";
1029 params
['wpa_key_mgmt'] = "FT-EAP"
1030 params
["ieee8021x"] = "1"
1031 params
= dict(radius
.items() + params
.items())
1032 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1034 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1035 fail_test
=True, eap
=True)
1037 def test_ap_ft_mismatching_rrb_key_pull_eap(dev
, apdev
):
1038 """WPA2-EAP-FT AP over DS with mismatching RRB key (pull)"""
1040 passphrase
="12345678"
1042 radius
= hostapd
.radius_params()
1043 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1044 params
["pmk_r1_push"] = "0"
1045 params
['wpa_key_mgmt'] = "FT-EAP"
1046 params
["ieee8021x"] = "1"
1047 params
= dict(radius
.items() + params
.items())
1048 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1049 params
= ft_params2_incorrect_rrb_key(ssid
=ssid
, passphrase
=passphrase
)
1050 params
["pmk_r1_push"] = "0"
1051 params
['wpa_key_mgmt'] = "FT-EAP"
1052 params
["ieee8021x"] = "1"
1053 params
= dict(radius
.items() + params
.items())
1054 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1056 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1057 fail_test
=True, eap
=True)
1059 def test_ap_ft_mismatching_r0kh_id_pull_eap(dev
, apdev
):
1060 """WPA2-EAP-FT AP over DS with mismatching R0KH-ID (pull)"""
1062 passphrase
="12345678"
1064 radius
= hostapd
.radius_params()
1065 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1066 params
["pmk_r1_push"] = "0"
1067 params
["nas_identifier"] = "nas0.w1.fi"
1068 params
['wpa_key_mgmt'] = "FT-EAP"
1069 params
["ieee8021x"] = "1"
1070 params
= dict(radius
.items() + params
.items())
1071 hostapd
.add_ap(apdev
[0], params
)
1072 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
1073 eap
="GPSK", identity
="gpsk user",
1074 password
="abcdefghijklmnop0123456789abcdef",
1077 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1078 params
["pmk_r1_push"] = "0"
1079 params
['wpa_key_mgmt'] = "FT-EAP"
1080 params
["ieee8021x"] = "1"
1081 params
= dict(radius
.items() + params
.items())
1082 hostapd
.add_ap(apdev
[1], params
)
1084 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1085 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
1087 def test_ap_ft_mismatching_rrb_r0kh_push_eap(dev
, apdev
):
1088 """WPA2-EAP-FT AP over DS with mismatching R0KH key (push)"""
1090 passphrase
="12345678"
1092 radius
= hostapd
.radius_params()
1093 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1094 params
["ieee80211w"] = "2";
1095 params
['wpa_key_mgmt'] = "FT-EAP"
1096 params
["ieee8021x"] = "1"
1097 params
= dict(radius
.items() + params
.items())
1098 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1099 params
= ft_params2_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1100 params
["ieee80211w"] = "2";
1101 params
['wpa_key_mgmt'] = "FT-EAP"
1102 params
["ieee8021x"] = "1"
1103 params
= dict(radius
.items() + params
.items())
1104 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1106 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1107 fail_test
=True, eap
=True)
1109 def test_ap_ft_mismatching_rrb_r0kh_pull_eap(dev
, apdev
):
1110 """WPA2-EAP-FT AP over DS with mismatching R0KH key (pull)"""
1112 passphrase
="12345678"
1114 radius
= hostapd
.radius_params()
1115 params
= ft_params1_r0kh_mismatch(ssid
=ssid
, passphrase
=passphrase
)
1116 params
["pmk_r1_push"] = "0"
1117 params
['wpa_key_mgmt'] = "FT-EAP"
1118 params
["ieee8021x"] = "1"
1119 params
= dict(radius
.items() + params
.items())
1120 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1121 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1122 params
["pmk_r1_push"] = "0"
1123 params
['wpa_key_mgmt'] = "FT-EAP"
1124 params
["ieee8021x"] = "1"
1125 params
= dict(radius
.items() + params
.items())
1126 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1128 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
1129 fail_test
=True, eap
=True)
1131 def test_ap_ft_gtk_rekey(dev
, apdev
):
1132 """WPA2-PSK-FT AP and GTK rekey"""
1134 passphrase
="12345678"
1136 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1137 params
['wpa_group_rekey'] = '1'
1138 hapd
= hostapd
.add_ap(apdev
[0], params
)
1140 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1141 ieee80211w
="1", scan_freq
="2412")
1143 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1145 raise Exception("GTK rekey timed out after initial association")
1146 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1148 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1149 params
['wpa_group_rekey'] = '1'
1150 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1152 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1153 dev
[0].roam(apdev
[1]['bssid'])
1154 if dev
[0].get_status_field('bssid') != apdev
[1]['bssid']:
1155 raise Exception("Did not connect to correct AP")
1156 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1158 ev
= dev
[0].wait_event(["WPA: Group rekeying completed"], timeout
=2)
1160 raise Exception("GTK rekey timed out after FT protocol")
1161 hwsim_utils
.test_connectivity(dev
[0], hapd1
)
1163 def test_ft_psk_key_lifetime_in_memory(dev
, apdev
, params
):
1164 """WPA2-PSK-FT and key lifetime in memory"""
1166 passphrase
="04c2726b4b8d5f1b4db9c07aa4d9e9d8f765cb5d25ec817e6cc4fcdd5255db0"
1167 psk
= '93c90846ff67af9037ed83fb72b63dbeddaa81d47f926c20909b5886f1d9358d'
1168 pmk
= binascii
.unhexlify(psk
)
1169 p
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1170 hapd0
= hostapd
.add_ap(apdev
[0], p
)
1171 p
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1172 hapd1
= hostapd
.add_ap(apdev
[1], p
)
1174 pid
= find_wpas_process(dev
[0])
1176 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1178 # The decrypted copy of GTK is freed only after the CTRL-EVENT-CONNECTED
1179 # event has been delivered, so verify that wpa_supplicant has returned to
1180 # eloop before reading process memory.
1184 buf
= read_process_memory(pid
, pmk
)
1186 dev
[0].request("DISCONNECT")
1187 dev
[0].wait_disconnected()
1194 with
open(os
.path
.join(params
['logdir'], 'log0'), 'r') as f
:
1195 for l
in f
.readlines():
1196 if "FT: PMK-R0 - hexdump" in l
:
1197 val
= l
.strip().split(':')[3].replace(' ', '')
1198 pmkr0
= binascii
.unhexlify(val
)
1199 if "FT: PMK-R1 - hexdump" in l
:
1200 val
= l
.strip().split(':')[3].replace(' ', '')
1201 pmkr1
= binascii
.unhexlify(val
)
1202 if "FT: KCK - hexdump" in l
:
1203 val
= l
.strip().split(':')[3].replace(' ', '')
1204 kck
= binascii
.unhexlify(val
)
1205 if "FT: KEK - hexdump" in l
:
1206 val
= l
.strip().split(':')[3].replace(' ', '')
1207 kek
= binascii
.unhexlify(val
)
1208 if "FT: TK - hexdump" in l
:
1209 val
= l
.strip().split(':')[3].replace(' ', '')
1210 tk
= binascii
.unhexlify(val
)
1211 if "WPA: Group Key - hexdump" in l
:
1212 val
= l
.strip().split(':')[3].replace(' ', '')
1213 gtk
= binascii
.unhexlify(val
)
1214 if not pmkr0
or not pmkr1
or not kck
or not kek
or not tk
or not gtk
:
1215 raise Exception("Could not find keys from debug log")
1217 raise Exception("Unexpected GTK length")
1219 logger
.info("Checking keys in memory while associated")
1220 get_key_locations(buf
, pmk
, "PMK")
1221 get_key_locations(buf
, pmkr0
, "PMK-R0")
1222 get_key_locations(buf
, pmkr1
, "PMK-R1")
1224 raise HwsimSkip("PMK not found while associated")
1225 if pmkr0
not in buf
:
1226 raise HwsimSkip("PMK-R0 not found while associated")
1227 if pmkr1
not in buf
:
1228 raise HwsimSkip("PMK-R1 not found while associated")
1230 raise Exception("KCK not found while associated")
1232 raise Exception("KEK not found while associated")
1234 # raise Exception("TK found from memory")
1236 logger
.info("Checking keys in memory after disassociation")
1237 buf
= read_process_memory(pid
, pmk
)
1238 get_key_locations(buf
, pmk
, "PMK")
1239 get_key_locations(buf
, pmkr0
, "PMK-R0")
1240 get_key_locations(buf
, pmkr1
, "PMK-R1")
1242 # Note: PMK/PSK is still present in network configuration
1244 fname
= os
.path
.join(params
['logdir'],
1245 'ft_psk_key_lifetime_in_memory.memctx-')
1246 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1247 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1248 verify_not_present(buf
, kck
, fname
, "KCK")
1249 verify_not_present(buf
, kek
, fname
, "KEK")
1250 verify_not_present(buf
, tk
, fname
, "TK")
1252 get_key_locations(buf
, gtk
, "GTK")
1253 verify_not_present(buf
, gtk
, fname
, "GTK")
1255 dev
[0].request("REMOVE_NETWORK all")
1257 logger
.info("Checking keys in memory after network profile removal")
1258 buf
= read_process_memory(pid
, pmk
)
1259 get_key_locations(buf
, pmk
, "PMK")
1260 get_key_locations(buf
, pmkr0
, "PMK-R0")
1261 get_key_locations(buf
, pmkr1
, "PMK-R1")
1263 verify_not_present(buf
, pmk
, fname
, "PMK")
1264 verify_not_present(buf
, pmkr0
, fname
, "PMK-R0")
1265 verify_not_present(buf
, pmkr1
, fname
, "PMK-R1")
1266 verify_not_present(buf
, kck
, fname
, "KCK")
1267 verify_not_present(buf
, kek
, fname
, "KEK")
1268 verify_not_present(buf
, tk
, fname
, "TK")
1269 verify_not_present(buf
, gtk
, fname
, "GTK")
1272 def test_ap_ft_invalid_resp(dev
, apdev
):
1273 """WPA2-PSK-FT AP and invalid response IEs"""
1275 passphrase
="12345678"
1277 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1278 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1279 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1282 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1283 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1286 # Various IEs for test coverage. The last one is FTIE with invalid
1287 # R1KH-ID subelement.
1288 "020002000000" + "3800" + "38051122334455" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010100",
1289 # FTIE with invalid R0KH-ID subelement (len=0).
1290 "020002000000" + "3754000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010300",
1291 # FTIE with invalid R0KH-ID subelement (len=49).
1292 "020002000000" + "378500010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001033101020304050607080910111213141516171819202122232425262728293031323334353637383940414243444546474849",
1294 "020002000000" + "3000",
1295 # Required IEs missing from protected IE count.
1296 "020002000000" + "3603a1b201" + "375200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1297 # RIC missing from protected IE count.
1298 "020002000000" + "3603a1b201" + "375200020203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900",
1299 # Protected IE missing.
1300 "020002000000" + "3603a1b201" + "375200ff0203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001" + "3900" + "0000" ]
1302 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1303 hapd1
.set("ext_mgmt_frame_handling", "1")
1304 hapd1
.dump_monitor()
1305 if "OK" not in dev
[0].request("ROAM " + apdev
[1]['bssid']):
1306 raise Exception("ROAM failed")
1309 msg
= hapd1
.mgmt_rx()
1310 if msg
['subtype'] == 11:
1314 raise Exception("Authentication frame not seen")
1317 resp
['fc'] = auth
['fc']
1318 resp
['da'] = auth
['sa']
1319 resp
['sa'] = auth
['da']
1320 resp
['bssid'] = auth
['bssid']
1321 resp
['payload'] = binascii
.unhexlify(t
)
1323 hapd1
.set("ext_mgmt_frame_handling", "0")
1324 dev
[0].wait_disconnected()
1326 dev
[0].request("RECONNECT")
1327 dev
[0].wait_connected()
1329 def test_ap_ft_gcmp_256(dev
, apdev
):
1330 """WPA2-PSK-FT AP with GCMP-256 cipher"""
1331 if "GCMP-256" not in dev
[0].get_capability("pairwise"):
1332 raise HwsimSkip("Cipher GCMP-256 not supported")
1334 passphrase
="12345678"
1336 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1337 params
['rsn_pairwise'] = "GCMP-256"
1338 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1339 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1340 params
['rsn_pairwise'] = "GCMP-256"
1341 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1343 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
1344 pairwise_cipher
="GCMP-256", group_cipher
="GCMP-256")
1346 def test_ap_ft_oom(dev
, apdev
):
1347 """WPA2-PSK-FT and OOM"""
1348 skip_with_fips(dev
[0])
1350 passphrase
="12345678"
1352 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1353 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1354 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1355 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1357 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1359 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
1360 dst
= apdev
[1]['bssid']
1362 dst
= apdev
[0]['bssid']
1364 dev
[0].scan_for_bss(dst
, freq
="2412")
1365 with
alloc_fail(dev
[0], 1, "wpa_ft_gen_req_ies"):
1367 with
fail_test(dev
[0], 1, "wpa_ft_mic"):
1368 dev
[0].roam(dst
, fail_test
=True)
1369 with
fail_test(dev
[0], 1, "os_get_random;wpa_ft_prepare_auth_request"):
1370 dev
[0].roam(dst
, fail_test
=True)
1372 dev
[0].request("REMOVE_NETWORK all")
1373 with
alloc_fail(dev
[0], 1, "=sme_update_ft_ies"):
1374 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1377 def test_ap_ft_ap_oom(dev
, apdev
):
1378 """WPA2-PSK-FT and AP OOM"""
1380 passphrase
="12345678"
1382 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1383 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1384 bssid0
= hapd0
.own_addr()
1386 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1387 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r0"):
1388 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1391 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1392 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1393 bssid1
= hapd1
.own_addr()
1394 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1395 # This roam will fail due to missing PMK-R0 (OOM prevented storing it)
1398 def test_ap_ft_ap_oom2(dev
, apdev
):
1399 """WPA2-PSK-FT and AP OOM 2"""
1401 passphrase
="12345678"
1403 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1404 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1405 bssid0
= hapd0
.own_addr()
1407 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1408 with
alloc_fail(hapd0
, 1, "wpa_ft_store_pmk_r1"):
1409 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1412 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1413 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1414 bssid1
= hapd1
.own_addr()
1415 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1417 if dev
[0].get_status_field('bssid') != bssid1
:
1418 raise Exception("Did not roam to AP1")
1419 # This roam will fail due to missing PMK-R1 (OOM prevented storing it)
1422 def test_ap_ft_ap_oom3(dev
, apdev
):
1423 """WPA2-PSK-FT and AP OOM 3"""
1425 passphrase
="12345678"
1427 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1428 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1429 bssid0
= hapd0
.own_addr()
1431 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1432 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1435 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1436 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1437 bssid1
= hapd1
.own_addr()
1438 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1439 with
alloc_fail(hapd1
, 1, "wpa_ft_pull_pmk_r1"):
1440 # This will fail due to not being able to send out PMK-R1 pull request
1443 with
fail_test(hapd1
, 2, "os_get_random;wpa_ft_pull_pmk_r1"):
1444 # This will fail due to not being able to send out PMK-R1 pull request
1447 with
fail_test(hapd1
, 2, "aes_siv_encrypt;wpa_ft_pull_pmk_r1"):
1448 # This will fail due to not being able to send out PMK-R1 pull request
1451 def test_ap_ft_ap_oom3b(dev
, apdev
):
1452 """WPA2-PSK-FT and AP OOM 3b"""
1454 passphrase
="12345678"
1456 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1457 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1458 bssid0
= hapd0
.own_addr()
1460 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1461 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1464 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1465 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1466 bssid1
= hapd1
.own_addr()
1467 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1468 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_pull_pmk_r1"):
1469 # This will fail due to not being able to send out PMK-R1 pull request
1472 def test_ap_ft_ap_oom4(dev
, apdev
):
1473 """WPA2-PSK-FT and AP OOM 4"""
1475 passphrase
="12345678"
1477 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1478 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1479 bssid0
= hapd0
.own_addr()
1481 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1482 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1485 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1486 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1487 bssid1
= hapd1
.own_addr()
1488 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1489 with
alloc_fail(hapd1
, 1, "wpa_ft_gtk_subelem"):
1491 if dev
[0].get_status_field('bssid') != bssid1
:
1492 raise Exception("Did not roam to AP1")
1494 with
fail_test(hapd0
, 1, "wpa_auth_get_seqnum;wpa_ft_gtk_subelem"):
1496 if dev
[0].get_status_field('bssid') != bssid0
:
1497 raise Exception("Did not roam to AP0")
1499 with
fail_test(hapd0
, 1, "aes_wrap;wpa_ft_gtk_subelem"):
1501 if dev
[0].get_status_field('bssid') != bssid1
:
1502 raise Exception("Did not roam to AP1")
1504 def test_ap_ft_ap_oom5(dev
, apdev
):
1505 """WPA2-PSK-FT and AP OOM 5"""
1507 passphrase
="12345678"
1509 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1510 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1511 bssid0
= hapd0
.own_addr()
1513 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1514 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1517 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1518 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1519 bssid1
= hapd1
.own_addr()
1520 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1521 with
alloc_fail(hapd1
, 1, "=wpa_ft_process_auth_req"):
1522 # This will fail to roam
1525 with
fail_test(hapd1
, 1, "os_get_random;wpa_ft_process_auth_req"):
1526 # This will fail to roam
1529 with
fail_test(hapd1
, 1, "sha256_prf_bits;wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1530 # This will fail to roam
1533 with
fail_test(hapd1
, 3, "wpa_pmk_r1_to_ptk;wpa_ft_process_auth_req"):
1534 # This will fail to roam
1537 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1_name;wpa_ft_process_auth_req"):
1538 # This will fail to roam
1541 def test_ap_ft_ap_oom6(dev
, apdev
):
1542 """WPA2-PSK-FT and AP OOM 6"""
1544 passphrase
="12345678"
1546 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1547 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1548 bssid0
= hapd0
.own_addr()
1550 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1551 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r0;wpa_auth_derive_ptk_ft"):
1552 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1554 dev
[0].request("REMOVE_NETWORK all")
1555 dev
[0].wait_disconnected()
1556 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_auth_derive_ptk_ft"):
1557 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1559 dev
[0].request("REMOVE_NETWORK all")
1560 dev
[0].wait_disconnected()
1561 with
fail_test(hapd0
, 1, "wpa_pmk_r1_to_ptk;wpa_auth_derive_ptk_ft"):
1562 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1565 def test_ap_ft_ap_oom7a(dev
, apdev
):
1566 """WPA2-PSK-FT and AP OOM 7a"""
1568 passphrase
="12345678"
1570 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1571 params
["ieee80211w"] = "2"
1572 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1573 bssid0
= hapd0
.own_addr()
1575 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1576 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1577 ieee80211w
="2", scan_freq
="2412")
1579 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1580 params
["ieee80211w"] = "2"
1581 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1582 bssid1
= hapd1
.own_addr()
1583 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1584 with
alloc_fail(hapd1
, 1, "wpa_ft_igtk_subelem"):
1585 # This will fail to roam
1588 def test_ap_ft_ap_oom7b(dev
, apdev
):
1589 """WPA2-PSK-FT and AP OOM 7b"""
1591 passphrase
="12345678"
1593 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1594 params
["ieee80211w"] = "2"
1595 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1596 bssid0
= hapd0
.own_addr()
1598 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1599 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1600 ieee80211w
="2", scan_freq
="2412")
1602 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1603 params
["ieee80211w"] = "2"
1604 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1605 bssid1
= hapd1
.own_addr()
1606 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1607 with
fail_test(hapd1
, 1, "aes_wrap;wpa_ft_igtk_subelem"):
1608 # This will fail to roam
1611 def test_ap_ft_ap_oom7c(dev
, apdev
):
1612 """WPA2-PSK-FT and AP OOM 7c"""
1614 passphrase
="12345678"
1616 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1617 params
["ieee80211w"] = "2"
1618 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1619 bssid0
= hapd0
.own_addr()
1621 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1622 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1623 ieee80211w
="2", scan_freq
="2412")
1625 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1626 params
["ieee80211w"] = "2"
1627 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1628 bssid1
= hapd1
.own_addr()
1629 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1630 with
alloc_fail(hapd1
, 1, "=wpa_sm_write_assoc_resp_ies"):
1631 # This will fail to roam
1634 def test_ap_ft_ap_oom7d(dev
, apdev
):
1635 """WPA2-PSK-FT and AP OOM 7d"""
1637 passphrase
="12345678"
1639 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1640 params
["ieee80211w"] = "2"
1641 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1642 bssid0
= hapd0
.own_addr()
1644 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1645 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1646 ieee80211w
="2", scan_freq
="2412")
1648 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1649 params
["ieee80211w"] = "2"
1650 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1651 bssid1
= hapd1
.own_addr()
1652 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1653 with
fail_test(hapd1
, 1, "wpa_ft_mic;wpa_sm_write_assoc_resp_ies"):
1654 # This will fail to roam
1657 def test_ap_ft_ap_oom8(dev
, apdev
):
1658 """WPA2-PSK-FT and AP OOM 8"""
1660 passphrase
="12345678"
1662 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1663 params
['ft_psk_generate_local'] = "1";
1664 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1665 bssid0
= hapd0
.own_addr()
1667 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1668 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1671 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1672 params
['ft_psk_generate_local'] = "1";
1673 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1674 bssid1
= hapd1
.own_addr()
1675 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1676 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r0;wpa_ft_psk_pmk_r1"):
1677 # This will fail to roam
1679 with
fail_test(hapd1
, 1, "wpa_derive_pmk_r1;wpa_ft_psk_pmk_r1"):
1680 # This will fail to roam
1683 def test_ap_ft_ap_oom9(dev
, apdev
):
1684 """WPA2-PSK-FT and AP OOM 9"""
1686 passphrase
="12345678"
1688 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1689 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1690 bssid0
= hapd0
.own_addr()
1692 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1693 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1696 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1697 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1698 bssid1
= hapd1
.own_addr()
1699 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1701 with
alloc_fail(hapd0
, 1, "wpa_ft_action_rx"):
1702 # This will fail to roam
1703 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1704 raise Exception("FT_DS failed")
1705 wait_fail_trigger(hapd0
, "GET_ALLOC_FAIL")
1707 with
alloc_fail(hapd1
, 1, "wpa_ft_rrb_rx_request"):
1708 # This will fail to roam
1709 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1710 raise Exception("FT_DS failed")
1711 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1713 with
alloc_fail(hapd1
, 1, "wpa_ft_send_rrb_auth_resp"):
1714 # This will fail to roam
1715 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1716 raise Exception("FT_DS failed")
1717 wait_fail_trigger(hapd1
, "GET_ALLOC_FAIL")
1719 def test_ap_ft_ap_oom10(dev
, apdev
):
1720 """WPA2-PSK-FT and AP OOM 10"""
1722 passphrase
="12345678"
1724 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1725 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1726 bssid0
= hapd0
.own_addr()
1728 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1729 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1732 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1733 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1734 bssid1
= hapd1
.own_addr()
1735 dev
[0].scan_for_bss(bssid1
, freq
="2412")
1737 with
fail_test(hapd0
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_pull"):
1738 # This will fail to roam
1739 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1740 raise Exception("FT_DS failed")
1741 wait_fail_trigger(hapd0
, "GET_FAIL")
1743 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_rrb_rx_pull"):
1744 # This will fail to roam
1745 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1746 raise Exception("FT_DS failed")
1747 wait_fail_trigger(hapd0
, "GET_FAIL")
1749 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_rrb_rx_pull"):
1750 # This will fail to roam
1751 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1752 raise Exception("FT_DS failed")
1753 wait_fail_trigger(hapd0
, "GET_FAIL")
1755 with
fail_test(hapd1
, 1, "aes_siv_decrypt;wpa_ft_rrb_rx_resp"):
1756 # This will fail to roam
1757 if "OK" not in dev
[0].request("FT_DS " + bssid1
):
1758 raise Exception("FT_DS failed")
1759 wait_fail_trigger(hapd1
, "GET_FAIL")
1761 def test_ap_ft_ap_oom11(dev
, apdev
):
1762 """WPA2-PSK-FT and AP OOM 11"""
1764 passphrase
="12345678"
1766 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1767 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1768 bssid0
= hapd0
.own_addr()
1770 dev
[0].scan_for_bss(bssid0
, freq
="2412")
1771 with
fail_test(hapd0
, 1, "wpa_derive_pmk_r1;wpa_ft_generate_pmk_r1"):
1772 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1774 wait_fail_trigger(hapd0
, "GET_FAIL")
1776 dev
[1].scan_for_bss(bssid0
, freq
="2412")
1777 with
fail_test(hapd0
, 1, "aes_siv_encrypt;wpa_ft_generate_pmk_r1"):
1778 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1780 wait_fail_trigger(hapd0
, "GET_FAIL")
1782 def test_ap_ft_over_ds_proto_ap(dev
, apdev
):
1783 """WPA2-PSK-FT AP over DS protocol testing for AP processing"""
1785 passphrase
="12345678"
1787 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1788 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1789 bssid0
= hapd0
.own_addr()
1790 _bssid0
= bssid0
.replace(':', '')
1791 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1793 addr
= dev
[0].own_addr()
1794 _addr
= addr
.replace(':', '')
1796 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1797 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1798 bssid1
= hapd1
.own_addr()
1799 _bssid1
= bssid1
.replace(':', '')
1801 hapd0
.set("ext_mgmt_frame_handling", "1")
1802 hdr
= "d0003a01" + _bssid0
+ _addr
+ _bssid0
+ "1000"
1803 valid
= "0601" + _addr
+ _bssid1
1806 "0601" + _addr
+ _bssid0
,
1807 "0601" + _addr
+ "ffffffffffff",
1808 "0601" + _bssid0
+ _bssid0
,
1813 valid
+ "3603ffffff",
1814 valid
+ "3603a1b2ff",
1815 valid
+ "3603a1b2ff" + "3700",
1816 valid
+ "3603a1b2ff" + "37520000" + 16*"00" + 32*"00" + 32*"00",
1817 valid
+ "3603a1b2ff" + "37520001" + 16*"00" + 32*"00" + 32*"00",
1818 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa",
1819 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "3000",
1820 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000facff00000100a225368fe0983b5828a37a0acb37f253",
1821 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac030100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1822 valid
+ "3603a1b2ff" + "37550000" + 16*"00" + 32*"00" + 32*"00" + "0301aa" + "30260100000fac040100000fac040100000fac0400000100a225368fe0983b5828a37a0acb37f253",
1825 hapd0
.dump_monitor()
1826 if "OK" not in hapd0
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ t
):
1827 raise Exception("MGMT_RX_PROCESS failed")
1829 hapd0
.set("ext_mgmt_frame_handling", "0")
1831 def test_ap_ft_over_ds_proto(dev
, apdev
):
1832 """WPA2-PSK-FT AP over DS protocol testing"""
1834 passphrase
="12345678"
1836 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1837 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1838 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1841 # FT Action Response while no FT-over-DS in progress
1844 msg
['da'] = dev
[0].own_addr()
1845 msg
['sa'] = apdev
[0]['bssid']
1846 msg
['bssid'] = apdev
[0]['bssid']
1847 msg
['payload'] = binascii
.unhexlify("06020200000000000200000004000000")
1850 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
1851 hapd1
= hostapd
.add_ap(apdev
[1], params
)
1852 dev
[0].scan_for_bss(apdev
[1]['bssid'], freq
="2412")
1853 hapd0
.set("ext_mgmt_frame_handling", "1")
1854 hapd0
.dump_monitor()
1855 dev
[0].request("FT_DS " + apdev
[1]['bssid'])
1856 for i
in range(0, 10):
1857 req
= hapd0
.mgmt_rx()
1859 raise Exception("MGMT RX wait timed out")
1860 if req
['subtype'] == 13:
1864 raise Exception("FT Action frame not received")
1866 # FT Action Response for unexpected Target AP
1867 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "f20000000400" + "0000")
1870 # FT Action Response without MDIE
1871 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000")
1874 # FT Action Response without FTIE
1875 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201")
1878 # FT Action Response with FTIE SNonce mismatch
1879 msg
['payload'] = binascii
.unhexlify("0602020000000000" + "020000000400" + "0000" + "3603a1b201" + "3766000000000000000000000000000000000000c4e67ac1999bebd00ff4ae4d5dcaf87896bb060b469f7c78d49623fb395c3455ffffff6b693fe6f8d8c5dfac0a22344750775bd09437f98b238c9f87b97f790c0106000102030406030a6e6173312e77312e6669")
1883 def test_ap_ft_rrb(dev
, apdev
):
1884 """WPA2-PSK-FT RRB protocol testing"""
1886 passphrase
="12345678"
1888 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1889 hapd0
= hostapd
.add_ap(apdev
[0], params
)
1891 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1894 _dst_ll
= binascii
.unhexlify(apdev
[0]['bssid'].replace(':',''))
1895 _src_ll
= binascii
.unhexlify(dev
[0].own_addr().replace(':',''))
1897 ehdr
= _dst_ll
+ _src_ll
+ proto
1899 # Too short RRB frame
1901 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1902 raise Exception("DATA_TEST_FRAME failed")
1904 # RRB discarded frame wikth unrecognized type
1905 pkt
= ehdr
+ '\x02' + '\x02' + '\x01\x00' + _src_ll
1906 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1907 raise Exception("DATA_TEST_FRAME failed")
1909 # RRB frame too short for action frame
1910 pkt
= ehdr
+ '\x01' + '\x02' + '\x01\x00' + _src_ll
1911 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1912 raise Exception("DATA_TEST_FRAME failed")
1914 # Too short RRB frame (not enough room for Action Frame body)
1915 pkt
= ehdr
+ '\x01' + '\x02' + '\x00\x00' + _src_ll
1916 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1917 raise Exception("DATA_TEST_FRAME failed")
1919 # Unexpected Action frame category
1920 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1921 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1922 raise Exception("DATA_TEST_FRAME failed")
1924 # Unexpected Action in RRB Request
1925 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1926 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1927 raise Exception("DATA_TEST_FRAME failed")
1929 # Target AP address in RRB Request does not match with own address
1930 pkt
= ehdr
+ '\x01' + '\x00' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1931 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1932 raise Exception("DATA_TEST_FRAME failed")
1934 # Not enough room for status code in RRB Response
1935 pkt
= ehdr
+ '\x01' + '\x01' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1936 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1937 raise Exception("DATA_TEST_FRAME failed")
1939 # RRB discarded frame with unknown packet_type
1940 pkt
= ehdr
+ '\x01' + '\x02' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1941 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1942 raise Exception("DATA_TEST_FRAME failed")
1944 # RRB Response with non-zero status code; no STA match
1945 pkt
= ehdr
+ '\x01' + '\x01' + '\x10\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + '\xff\xff'
1946 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1947 raise Exception("DATA_TEST_FRAME failed")
1949 # RRB Response with zero status code and extra data; STA match
1950 pkt
= ehdr
+ '\x01' + '\x01' + '\x11\x00' + _src_ll
+ '\x06\x01' + _src_ll
+ '\x00\x00\x00\x00\x00\x00' + '\x00\x00' + '\x00'
1951 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1952 raise Exception("DATA_TEST_FRAME failed")
1954 # Too short PMK-R1 pull
1955 pkt
= ehdr
+ '\x01' + '\xc8' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1956 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1957 raise Exception("DATA_TEST_FRAME failed")
1959 # Too short PMK-R1 resp
1960 pkt
= ehdr
+ '\x01' + '\xc9' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1961 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1962 raise Exception("DATA_TEST_FRAME failed")
1964 # Too short PMK-R1 push
1965 pkt
= ehdr
+ '\x01' + '\xca' + '\x0e\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
1966 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1967 raise Exception("DATA_TEST_FRAME failed")
1969 # No matching R0KH address found for PMK-R0 pull response
1970 pkt
= ehdr
+ '\x01' + '\xc9' + '\x5a\x00' + _src_ll
+ '\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + 76*'\00'
1971 if "OK" not in dev
[0].request("DATA_TEST_FRAME " + binascii
.hexlify(pkt
)):
1972 raise Exception("DATA_TEST_FRAME failed")
1975 def test_rsn_ie_proto_ft_psk_sta(dev
, apdev
):
1976 """RSN element protocol testing for FT-PSK + PMF cases on STA side"""
1977 bssid
= apdev
[0]['bssid']
1979 passphrase
="12345678"
1981 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
1982 params
["ieee80211w"] = "1"
1983 # This is the RSN element used normally by hostapd
1984 params
['own_ie_override'] = '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'
1985 hapd
= hostapd
.add_ap(apdev
[0], params
)
1986 id = dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
1987 ieee80211w
="1", scan_freq
="2412",
1988 pairwise
="CCMP", group
="CCMP")
1990 tests
= [ ('PMKIDCount field included',
1991 '30160100000fac040100000fac040100000fac048c000000' + '3603a1b201'),
1992 ('Extra IE before RSNE',
1993 'dd0400000000' + '30140100000fac040100000fac040100000fac048c00' + '3603a1b201'),
1994 ('PMKIDCount and Group Management Cipher suite fields included',
1995 '301a0100000fac040100000fac040100000fac048c000000000fac06' + '3603a1b201'),
1996 ('Extra octet after defined fields (future extensibility)',
1997 '301b0100000fac040100000fac040100000fac048c000000000fac0600' + '3603a1b201'),
1998 ('No RSN Capabilities field (PMF disabled in practice)',
1999 '30120100000fac040100000fac040100000fac04' + '3603a1b201') ]
2000 for txt
,ie
in tests
:
2001 dev
[0].request("DISCONNECT")
2002 dev
[0].wait_disconnected()
2005 hapd
.set('own_ie_override', ie
)
2007 dev
[0].request("BSS_FLUSH 0")
2008 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2009 dev
[0].select_network(id, freq
=2412)
2010 dev
[0].wait_connected()
2012 dev
[0].request("DISCONNECT")
2013 dev
[0].wait_disconnected()
2015 logger
.info('Invalid RSNE causing internal hostapd error')
2017 hapd
.set('own_ie_override', '30130100000fac040100000fac040100000fac048c' + '3603a1b201')
2019 dev
[0].request("BSS_FLUSH 0")
2020 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2021 dev
[0].select_network(id, freq
=2412)
2022 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2024 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2026 raise Exception("Unexpected connection")
2027 dev
[0].request("DISCONNECT")
2029 logger
.info('Unexpected PMKID causing internal hostapd error')
2031 hapd
.set('own_ie_override', '30260100000fac040100000fac040100000fac048c000100ffffffffffffffffffffffffffffffff' + '3603a1b201')
2033 dev
[0].request("BSS_FLUSH 0")
2034 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2035 dev
[0].select_network(id, freq
=2412)
2036 # hostapd fails to generate EAPOL-Key msg 3/4, so this connection cannot
2038 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2040 raise Exception("Unexpected connection")
2041 dev
[0].request("DISCONNECT")
2043 def test_ap_ft_ptk_rekey(dev
, apdev
):
2044 """WPA2-PSK-FT PTK rekeying triggered by station after roam"""
2046 passphrase
="12345678"
2048 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2049 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2050 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2051 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2053 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, ptk_rekey
="1")
2055 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2056 "WPA: Key negotiation completed"], timeout
=5)
2058 raise Exception("No event received after roam")
2059 if "CTRL-EVENT-DISCONNECTED" in ev
:
2060 raise Exception("Unexpected disconnection after roam")
2062 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2066 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2068 def test_ap_ft_ptk_rekey_ap(dev
, apdev
):
2069 """WPA2-PSK-FT PTK rekeying triggered by AP after roam"""
2071 passphrase
="12345678"
2073 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2074 params
['wpa_ptk_rekey'] = '2'
2075 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2076 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2077 params
['wpa_ptk_rekey'] = '2'
2078 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2080 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
)
2082 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED",
2083 "WPA: Key negotiation completed"], timeout
=5)
2085 raise Exception("No event received after roam")
2086 if "CTRL-EVENT-DISCONNECTED" in ev
:
2087 raise Exception("Unexpected disconnection after roam")
2089 if dev
[0].get_status_field('bssid') == apdev
[0]['bssid']:
2093 hwsim_utils
.test_connectivity(dev
[0], hapd
)
2095 def test_ap_ft_internal_rrb_check(dev
, apdev
):
2096 """RRB internal delivery only to WPA enabled BSS"""
2098 passphrase
="12345678"
2100 radius
= hostapd
.radius_params()
2101 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2102 params
['wpa_key_mgmt'] = "FT-EAP"
2103 params
["ieee8021x"] = "1"
2104 params
= dict(radius
.items() + params
.items())
2105 hapd
= hostapd
.add_ap(apdev
[0], params
)
2106 key_mgmt
= hapd
.get_config()['key_mgmt']
2107 if key_mgmt
.split(' ')[0] != "FT-EAP":
2108 raise Exception("Unexpected GET_CONFIG(key_mgmt): " + key_mgmt
)
2110 hapd1
= hostapd
.add_ap(apdev
[1], { "ssid" : ssid
})
2112 # Connect to WPA enabled AP
2113 dev
[0].connect(ssid
, key_mgmt
="FT-EAP", proto
="WPA2", ieee80211w
="1",
2114 eap
="GPSK", identity
="gpsk user",
2115 password
="abcdefghijklmnop0123456789abcdef",
2118 # Try over_ds roaming to non-WPA-enabled AP.
2119 # If hostapd does not check hapd->wpa_auth internally, it will crash now.
2120 dev
[0].roam_over_ds(apdev
[1]['bssid'], fail_test
=True)
2122 def test_ap_ft_extra_ie(dev
, apdev
):
2123 """WPA2-PSK-FT AP with WPA2-PSK enabled and unexpected MDE"""
2125 passphrase
="12345678"
2127 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2128 params
["wpa_key_mgmt"] = "WPA-PSK FT-PSK"
2129 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2130 dev
[1].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2132 dev
[2].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2135 # Add Mobility Domain element to test AP validation code.
2136 dev
[0].request("VENDOR_ELEM_ADD 13 3603a1b201")
2137 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="WPA-PSK", proto
="WPA2",
2138 scan_freq
="2412", wait_connect
=False)
2139 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
2140 "CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2142 raise Exception("No connection result")
2143 if "CTRL-EVENT-CONNECTED" in ev
:
2144 raise Exception("Non-FT association accepted with MDE")
2145 if "status_code=43" not in ev
:
2146 raise Exception("Unexpected status code: " + ev
)
2147 dev
[0].request("DISCONNECT")
2149 dev
[0].request("VENDOR_ELEM_REMOVE 13 *")
2151 def test_ap_ft_ric(dev
, apdev
):
2152 """WPA2-PSK-FT AP and RIC"""
2154 passphrase
="12345678"
2156 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2157 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2158 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2159 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2161 dev
[0].set("ric_ies", "")
2162 dev
[0].set("ric_ies", '""')
2163 if "FAIL" not in dev
[0].request("SET ric_ies q"):
2164 raise Exception("Invalid ric_ies value accepted")
2169 "390400000000" + "390400000000",
2170 "390400000000" + "dd050050f20202",
2171 "390400000000" + "dd3d0050f2020201" + 55*"00",
2172 "390400000000" + "dd3d0050f2020201aa300010270000000000000000000000000000000000000000000000000000ffffff7f00000000000000000000000040420f00ffff0000",
2173 "390401010000" + "dd3d0050f2020201aa3000dc050000000000000000000000000000000000000000000000000000dc050000000000000000000000000000808d5b0028230000" ]
2175 dev
[0].set("ric_ies", t
)
2176 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
,
2177 test_connectivity
=False)
2178 dev
[0].request("REMOVE_NETWORK all")
2179 dev
[0].wait_disconnected()
2180 dev
[0].dump_monitor()
2182 def ie_hex(ies
, id):
2183 return binascii
.hexlify(struct
.pack('BB', id, len(ies
[id])) + ies
[id])
2185 def test_ap_ft_reassoc_proto(dev
, apdev
):
2186 """WPA2-PSK-FT AP Reassociation Request frame parsing"""
2188 passphrase
="12345678"
2190 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2191 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2192 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2193 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2195 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2196 ieee80211w
="1", scan_freq
="2412")
2197 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2204 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2205 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2206 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2209 req
= hapd2ap
.mgmt_rx()
2210 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
2211 if req
['subtype'] == 11:
2215 req
= hapd2ap
.mgmt_rx()
2216 if req
['subtype'] == 2:
2218 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
2220 # IEEE 802.11 header + fixed fields before IEs
2221 hdr
= binascii
.hexlify(req
['frame'][0:34])
2222 ies
= parse_ie(binascii
.hexlify(req
['frame'][34:]))
2223 # First elements: SSID, Supported Rates, Extended Supported Rates
2224 ies1
= ie_hex(ies
, 0) + ie_hex(ies
, 1) + ie_hex(ies
, 50)
2226 rsne
= ie_hex(ies
, 48)
2227 mde
= ie_hex(ies
, 54)
2228 fte
= ie_hex(ies
, 55)
2230 # RSN: Trying to use FT, but MDIE not included
2232 # RSN: Attempted to use unknown MDIE
2233 tests
+= [ rsne
+ "3603000000" ]
2234 # Invalid RSN pairwise cipher
2235 tests
+= [ "30260100000fac040100000fac030100000fac040000010029208a42cd25c85aa571567dce10dae3" ]
2236 # FT: No PMKID in RSNIE
2237 tests
+= [ "30160100000fac040100000fac040100000fac0400000000" + ie_hex(ies
, 54) ]
2239 tests
+= [ rsne
+ mde
]
2240 # FT: RIC IE(s) in the frame, but not included in protected IE count
2241 # FT: Failed to parse FT IEs
2242 tests
+= [ rsne
+ mde
+ fte
+ "3900" ]
2243 # FT: SNonce mismatch in FTIE
2244 tests
+= [ rsne
+ mde
+ "37520000" + 16*"00" + 32*"00" + 32*"00" ]
2245 # FT: ANonce mismatch in FTIE
2246 tests
+= [ rsne
+ mde
+ fte
[0:40] + 32*"00" + fte
[104:] ]
2247 # FT: No R0KH-ID subelem in FTIE
2248 tests
+= [ rsne
+ mde
+ "3752" + fte
[4:168] ]
2249 # FT: R0KH-ID in FTIE did not match with the current R0KH-ID
2250 tests
+= [ rsne
+ mde
+ "3755" + fte
[4:168] + "0301ff" ]
2251 # FT: No R1KH-ID subelem in FTIE
2252 tests
+= [ rsne
+ mde
+ "375e" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") ]
2253 # FT: Unknown R1KH-ID used in ReassocReq
2254 tests
+= [ rsne
+ mde
+ "3766" + fte
[4:168] + "030a" + "nas1.w1.fi".encode("hex") + "0106000000000000" ]
2255 # FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request
2256 tests
+= [ rsne
[:-32] + 16*"00" + mde
+ fte
]
2257 # Invalid MIC in FTIE
2258 tests
+= [ rsne
+ mde
+ fte
[0:8] + 16*"00" + fte
[40:] ]
2260 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + hdr
+ ies1
+ t
)
2262 def test_ap_ft_reassoc_local_fail(dev
, apdev
):
2263 """WPA2-PSK-FT AP Reassociation Request frame and local failure"""
2265 passphrase
="12345678"
2267 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2268 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2269 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2270 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2272 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2273 ieee80211w
="1", scan_freq
="2412")
2274 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2281 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2282 # FT: Failed to calculate MIC
2283 with
fail_test(hapd2ap
, 1, "wpa_ft_validate_reassoc"):
2284 dev
[0].request("ROAM " + hapd2ap
.own_addr())
2285 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
2286 dev
[0].request("DISCONNECT")
2288 raise Exception("Association reject not seen")
2290 def test_ap_ft_reassoc_replay(dev
, apdev
, params
):
2291 """WPA2-PSK-FT AP and replayed Reassociation Request frame"""
2292 capfile
= os
.path
.join(params
['logdir'], "hwsim0.pcapng")
2294 passphrase
="12345678"
2296 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2297 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2298 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2299 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2301 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2303 if dev
[0].get_status_field('bssid') == hapd0
.own_addr():
2310 dev
[0].scan_for_bss(hapd2ap
.own_addr(), freq
="2412")
2311 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2312 dev
[0].dump_monitor()
2313 if "OK" not in dev
[0].request("ROAM " + hapd2ap
.own_addr()):
2314 raise Exception("ROAM failed")
2319 req
= hapd2ap
.mgmt_rx()
2321 hapd2ap
.dump_monitor()
2322 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
2323 if req
['subtype'] == 2:
2325 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2327 raise Exception("No TX status seen")
2328 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2329 if "OK" not in hapd2ap
.request(cmd
):
2330 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2332 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2333 if reassocreq
is None:
2334 raise Exception("No Reassociation Request frame seen")
2335 dev
[0].wait_connected()
2336 dev
[0].dump_monitor()
2337 hapd2ap
.dump_monitor()
2339 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2341 logger
.info("Replay the last Reassociation Request frame")
2342 hapd2ap
.dump_monitor()
2343 hapd2ap
.set("ext_mgmt_frame_handling", "1")
2344 hapd2ap
.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii
.hexlify(req
['frame']))
2345 ev
= hapd2ap
.wait_event(["MGMT-TX-STATUS"], timeout
=5)
2347 raise Exception("No TX status seen")
2348 cmd
= "MGMT_TX_STATUS_PROCESS %s" % (" ".join(ev
.split(' ')[1:4]))
2349 if "OK" not in hapd2ap
.request(cmd
):
2350 raise Exception("MGMT_TX_STATUS_PROCESS failed")
2351 hapd2ap
.set("ext_mgmt_frame_handling", "0")
2354 hwsim_utils
.test_connectivity(dev
[0], hapd2ap
)
2359 ap
= hapd2ap
.own_addr()
2360 sta
= dev
[0].own_addr()
2361 filt
= "wlan.fc.type == 2 && " + \
2362 "wlan.da == " + sta
+ " && " + \
2364 fields
= [ "wlan.ccmp.extiv" ]
2365 res
= run_tshark(capfile
, filt
, fields
)
2366 vals
= res
.splitlines()
2367 logger
.info("CCMP PN: " + str(vals
))
2369 raise Exception("Could not find all CCMP protected frames from capture")
2370 if len(set(vals
)) < len(vals
):
2371 raise Exception("Duplicate CCMP PN used")
2374 raise Exception("The second hwsim connectivity test failed")
2376 def test_ap_ft_psk_file(dev
, apdev
):
2377 """WPA2-PSK-FT AP with PSK from a file"""
2379 passphrase
="12345678"
2381 params
= ft_params1a(ssid
=ssid
, passphrase
=passphrase
)
2382 params
['wpa_psk_file'] = 'hostapd.wpa_psk'
2383 hapd
= hostapd
.add_ap(apdev
[0], params
)
2385 dev
[1].connect(ssid
, psk
="very secret",
2386 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2387 scan_freq
="2412", wait_connect
=False)
2388 dev
[0].connect(ssid
, psk
=passphrase
, key_mgmt
="FT-PSK", proto
="WPA2",
2389 ieee80211w
="1", scan_freq
="2412")
2390 dev
[0].request("REMOVE_NETWORK all")
2391 dev
[0].wait_disconnected()
2392 dev
[0].connect(ssid
, psk
="very secret", key_mgmt
="FT-PSK", proto
="WPA2",
2393 ieee80211w
="1", scan_freq
="2412")
2394 dev
[0].request("REMOVE_NETWORK all")
2395 dev
[0].wait_disconnected()
2396 dev
[0].connect(ssid
, psk
="secret passphrase",
2397 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2399 dev
[2].connect(ssid
, psk
="another passphrase for all STAs",
2400 key_mgmt
="FT-PSK", proto
="WPA2", ieee80211w
="1",
2402 ev
= dev
[1].wait_event(["WPA: 4-Way Handshake failed"], timeout
=10)
2404 raise Exception("Timed out while waiting for failure report")
2405 dev
[1].request("REMOVE_NETWORK all")
2407 def test_ap_ft_eap_ap_config_change(dev
, apdev
):
2408 """WPA2-EAP-FT AP changing from 802.1X-only to FT-only"""
2410 passphrase
="12345678"
2411 bssid
= apdev
[0]['bssid']
2413 radius
= hostapd
.radius_params()
2414 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
, discovery
=True)
2415 params
['wpa_key_mgmt'] = "WPA-EAP"
2416 params
["ieee8021x"] = "1"
2417 params
["pmk_r1_push"] = "0"
2418 params
["r0kh"] = "ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2419 params
["r1kh"] = "00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
2420 params
["eap_server"] = "0"
2421 params
= dict(radius
.items() + params
.items())
2422 hapd
= hostapd
.add_ap(apdev
[0], params
)
2424 dev
[0].connect(ssid
, key_mgmt
="FT-EAP WPA-EAP", proto
="WPA2",
2425 eap
="GPSK", identity
="gpsk user",
2426 password
="abcdefghijklmnop0123456789abcdef",
2428 dev
[0].request("DISCONNECT")
2429 dev
[0].wait_disconnected()
2430 dev
[0].dump_monitor()
2433 hapd
.set('wpa_key_mgmt', "FT-EAP")
2436 dev
[0].request("BSS_FLUSH 0")
2437 dev
[0].scan_for_bss(bssid
, 2412, force_scan
=True, only_new
=True)
2439 dev
[0].request("RECONNECT")
2440 dev
[0].wait_connected()
2442 def test_ap_ft_eap_sha384(dev
, apdev
):
2443 """WPA2-EAP-FT with SHA384"""
2445 passphrase
="12345678"
2447 radius
= hostapd
.radius_params()
2448 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2449 params
["ieee80211w"] = "2";
2450 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2451 params
["ieee8021x"] = "1"
2452 params
= dict(radius
.items() + params
.items())
2453 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2454 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2455 params
["ieee80211w"] = "2";
2456 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2457 params
["ieee8021x"] = "1"
2458 params
= dict(radius
.items() + params
.items())
2459 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2461 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, eap
=True,
2464 def test_ap_ft_eap_sha384_over_ds(dev
, apdev
):
2465 """WPA2-EAP-FT with SHA384 over DS"""
2467 passphrase
="12345678"
2469 radius
= hostapd
.radius_params()
2470 params
= ft_params1(ssid
=ssid
, passphrase
=passphrase
)
2471 params
["ieee80211w"] = "2";
2472 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2473 params
["ieee8021x"] = "1"
2474 params
= dict(radius
.items() + params
.items())
2475 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2476 params
= ft_params2(ssid
=ssid
, passphrase
=passphrase
)
2477 params
["ieee80211w"] = "2";
2478 params
['wpa_key_mgmt'] = "FT-EAP-SHA384"
2479 params
["ieee8021x"] = "1"
2480 params
= dict(radius
.items() + params
.items())
2481 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2483 run_roams(dev
[0], apdev
, hapd0
, hapd1
, ssid
, passphrase
, over_ds
=True,
2484 eap
=True, sha384
=True)